Computer Systems Are Increasingly Being Used To Essay

Length: 6 pages Sources: 6 Subject: Military Type: Essay Paper: #91637747 Related Topics: Computer Network, Use Of Force, Espionage, Computer Software
Excerpt from Essay :

¶ … computer systems are increasingly being used to cause widespread damage, with nation-states or individuals sponsored by nation-states making use of malicious codes to compromise 'enemy' information systems. In essence, cyber warfare has got to do with the attack on the information networks, computers, or infrastructure of another entity by an international organization or nation-state. In the context of this discussion, cyber war will be taken as the utilization of "coordinated attacks to specific critical sectors of a country" (Edwards, 2014, p. 67). The key aim of such attacks is usually sabotage or espionage. This text concerns itself with cyber warfare. In so doing, it will amongst other things analyze a journal article titled, Stuxnet: Dissecting a Cyber Warfare Weapon, by Ralph Langner. More specifically, the text will conduct a technical analysis of the said article and discuss not only the offensive and defensive Cyberware strategy, but also make recommendations on how to prevent or avert future Cyberware attacks. The relevance of this discussion cannot be overstated, particularly given that going forward; there is a high likelihood of the proliferation of more sophisticated variants of Stuxnet.

Background

Discovered sometime in mid-2010, Stuxnet, a sophisticated form of malicious software, was "the first demonstration, in the real world, of the capability of software to have a malicious physical effect" (Rosenzweig, 2013, p. 2). As a matter of fact, before the discovery of this potent cyber weapon, the mantra of most of those in the cyber and computer security realm, as Rosenzweig (2013, p. 2) further points out was, "cyber war only kills a bunch of little baby electrons." The discovery of Stuxnet, therefore, came as a real surprise, with most coming to the realization that cyber weapons like these had a real threat on physical infrastructure and, perhaps, human life as well, or what Rosenzweig refers to as "real babies."

In essence, Stuxnet was responsible for the destruction of numerous centrifuges that were being used for the enrichment of uranium (classified as weapons-grade) in Iran's Natanz nuclear facility. This it did by, amongst other things, triggering the acceleration of electric motors to speeds that were essentially dangerous -- turning the clock, with regard to the progress the country had made on its nuclear program, two years back. In a nutshell, this particular malicious software infected a physical manufacturing plant and made it malfunction, by triggering the breakdown of machines (Rosenzweig, 2013). This nature of the attack was unlike anything ever experienced before. Although the damage occasioned by Stuxnet was nowhere near severe, especially with regard to loss of lives, it was "figuratively, the first explosion of a cyber atomic bomb" (Rosenzweig, 2013).

Later on, in 2003, the Stuxnet cyber-attack was, according to the Global Research- Center for Research and Globalization (2013), termed an "act of force" by NATO. It is important to note that as the Tallinn Manual on the Law (international) relevant to Cyber Warfare observes, "acts that kill or injure persons or destroy or damage objects are unambiguously uses of force" (Global Research, 2013).

Stuxnet -- Dissecting a Cyberwarfare Weapon by Ralph Langner: A Technical Analysis of the Content, Implications and Conclusions

From the onset, Ralph Langner, the author of the article under consideration points out that "not only was Stuxnet much more complex than any piece of malware seen before, it also followed a completely new approach..." This is to say that this new form of malware took everyone totally by surprise. As a matter of fact, the approach taken by Stuxnet, as Langner further points out, did not, in any way, align with the "conventional confidentiality, integrity, and availability thinking" at the time. It is important to note that, contrary to what most people thought or believed, Stuxnet did not concern itself with the manipulation of data or espionage. Neither did it erase any information. Instead, as Langner notes, this particular form of malware sought to "physically destroy a military target -- not just metaphorically, but internet access. As it has been pointed out above, the real targets of attack were industrial controllers. The physical damage alluded to in the background section of this text could be attributed to the resulting controller manipulation.

It should be noted that when it comes to the distribution of the malware, the authors of Stuxnet chose to adopt a different route, different from that chosen or selected by the writers of various malicious programs that have been released in the past. The attackers, in this particular case, sought to limit the spread of the malware by relying on less common or unconventional distribution methods -- i.e. local networks and USB sticks. As Langner points out, Stuxnet was also quite picky when it came to its choice of the controllers to infect. This was despite that fact that it infected any windows computer. It only focused on controllers manufactured by Siemens, after which "it went through a complex process of fingerprinting to make sure it was on target" (Langner, 2011). On identifying the appropriate target, the malware then dropped onto the controller what Langner refers to as a 'loaded rogue code.' There have been claims on the media that Stuxnet was specifically designed for Iran's Natanz nuclear facility, with the blame finger being pointed in the direction of the U.S. And Israel. These, however, remain mere allegations with neither country acknowledging its involvement. What seems to be the case, however, is the fact that the said nuclear facility was the sole target of Stuxnet. It is important to note that although the malware's dropper did spread hundreds of thousands of infections around the world, controller infections were only limited to the Natanz facility. This Langner attributes to the fact that the rogue code was only loaded onto a controller once an exact fingerprint was identified or found.

In all, there were 3 controller code sets contained in the rogue driver DDL (Langner, 2011). As the author further points out, while two of these were bound for a Siemens 315 controller, the other controller code set sought out a 417 controller. It was one of these three controllers that were loaded unto a controller once the malware identified a matching controller target. Without going into the technical details, it is the code injections that, to use Langner's words "got Stuxnet in business - it could then do its thing and prevent legitimate code, which continued to be executed."

Vulnerability Assessment

It is important to note that, as scary as it may sound, threat mitigation efforts against sophisticated variants of Stuxnet might not work at all. As a matter of fact, with regard to Stuxnet, there are those who felt that the problem had been fixed with the release of a security patch by the software vendor, Microsoft. As Langner explains, the only part of Stuxnet affected by the patches was the dropper. This effectively means that the digital warheads remained in operation. The complexity that comes with attempts to fix the vulnerabilities exploited by the said digital warheads are "legitimate product features," as opposed to mere firm ware or software (Langner, 2011). In the final analysis, therefore, most vulnerabilities are here to stay. Indeed, as Langner observes, doing away with a specific vulnerability would call for the release of another product generation. The asset owners would also be required to retire the base before its scheduled retirement date. This is a real life scenario on many other fronts vulnerable to attacks; i.e. power grids, traffic systems, missile defense systems, other nuclear processing facilities, etc. According to Shakarian, Shakarian, and Ruef (2013), Cyberwar poses serious threat to any nation's national security. The questions one may, therefore, ask are; what is the ideal defensive and offensive Cyberware strategy? What could be done to prevent future Cyberware attacks such as Stuxnet?

Defensive and Offensive Cyberware Strategy: Threat Mitigation and Prevention of Cyberware Attacks

On a scenario such as the one recounted in Langner's hugely informative article, the author recommends the adoption of a different kind of controller that allows for digital code signing. This would help verify the origin of the code loaded. The controllers in place at the moment, as he…

Sources Used in Documents:

References

Edwards, M. (Ed.). (2014). Critical Infrastructure Protection. Fairfax, VA: IOS Press.

Global Research- Center for Research and Globalization (2013). U.S.-Israeli Stuxnet Cyber-attacks against Iran: "Act of War." Retrieved from http://www.globalresearch.ca/us-israeli-stuxnet-cyber-attacks-against-iran-act-of-war/5328514

Langner, L. (2011). Stuxnet: Dissecting a Cyberwarfare Weapon. Retrieved from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5772960&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5772960

Rosenzweig, P. (2013). Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World. Santa Barbara, California: ABC-CLIO.


Cite this Document:

"Computer Systems Are Increasingly Being Used To" (2014, August 06) Retrieved August 13, 2022, from
https://www.paperdue.com/essay/computer-systems-are-increasingly-being-190996

"Computer Systems Are Increasingly Being Used To" 06 August 2014. Web.13 August. 2022. <
https://www.paperdue.com/essay/computer-systems-are-increasingly-being-190996>

"Computer Systems Are Increasingly Being Used To", 06 August 2014, Accessed.13 August. 2022,
https://www.paperdue.com/essay/computer-systems-are-increasingly-being-190996

Related Documents
Small Computer Systems Proposed Research
Words: 4808 Length: 15 Pages Topic: Education - Computers Paper #: 43109232

According to Paul B. Mckimmy (2003), "The first consideration of wireless technology is bandwidth. 802.11b (one of four existing wireless Ethernet standards) is currently the most available and affordable specification. It allows a maximum of 11 megabits per second (Mbps)" (p. 111); the author adds that wired Ethernet LANs are typically 10 or 100 Mbps. In 1997, when the IEEE 802.11 standard was first ratified, wireless LANs were incompatible and

When Where and How Is Computer Technology Best Used in the Design...
Words: 6341 Length: 20 Pages Topic: Military Paper #: 28512742

Computer Technology Best Used in the Design Process? The Design Process of a Forty-Five Foot Sailing Boat' Computers are now being used in a growing number of applications. Computers have become a part of almost every academic discipline and area of expertise that anyone can imagine. Computer programs can perform many tasks more quickly and in some cases better than a human can. Computers allow us to see objects from all

Physical Education and Computer Technology
Words: 11589 Length: 40 Pages Topic: Teaching Paper #: 37333864

Computers Are an Underutilized Resource for High School Physical Education Teachers Computers have become an integral part of the high school learning environment, beginning in the early 1990s. They provide a vast variety of resources to help enhance student education through presentation of material in a variety of media and act as an enhancement to teacher lessons. They can sometimes free teachers from routine tasks, allowing them to bring greater depth

System Analysis of T-System Because of Its
Words: 3124 Length: 10 Pages Topic: Health - Nursing Paper #: 5881106

System Analysis of T-SYSTEM Because of its ability to improve the quality and delivery of health care services, the Electronic Health Record is becoming a necessity in almost every healthcare organization. The purpose of this paper is to explain the impact of having an electronic health record system in an emergency department. The current computerized system used at Suny Downstate Hospital in Brooklyn is called T-SYSTEM, and has been in operation

Computer Surveillance: Qualitative Attempt to
Words: 4976 Length: 19 Pages Topic: Education - Computers Paper #: 14360184

Studies suggest that even "more "omniscient" technology is likely to be developed" in the near future (Lyon, 2002). Cookies were perhaps the first form of internet surveillance, developed in 1994 as a means for websites to track visitors logging in so they could provide more optimal service (Lyon, 2002). Now cookies have transformed the shape of communication and have further advanced the ability of criminals to survey individual user functions

Computer Viruses: A Quantitative Analysis
Words: 2542 Length: 10 Pages Topic: Education - Computers Paper #: 27483260

This report will hopefully pull together the research available with regard to this issue, and also identify what users are most at risk for virus attacks. The research currently available also confirms that modern viruses are becoming more insidious and complex, with the potential to incur more damage to computers and data than in the past. Studies suggest that newer versions of viruses may escape detection using standard anti-viral software.